Allen-Bradley MicroLogix 1400 Multiple Vulnerabilities

Synopsis

Description

The installed firmware on the remote Allen-Bradley MicroLogix 1400 controller is affected by multiple vulnerabilities : - A flaw exists when handling messages that modify specific bits in status files. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a denial of service condition. (CVE-2012-4690) - A flaw exists in the Ethernet/IP protocol implementation when handling a CIP message that specifies a logic-execution 'stop' command. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a denial of service condition. (CVE-2012-6435) - A buffer overflow condition exists due to improper validation of user-supplied input when parsing CIP packets. An unauthenticated, remote attacker can exploit this, via a malformed packet, to cause a denial of service condition. (CVE-2012-6436, CVE-2012-6438) - A flaw exists due to a failure to properly authenticate Ethernet firmware updates. An unauthenticated, remote attacker can exploit this, via a trojan horse update image, to execute arbitrary code. (CVE-2012-6437) - A flaw exists when handling CIP messages that modify network and configuration parameters. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a denial of service condition. (CVE-2012-6439) - A flaw exists due to a failure to properly restrict session replaying. A man-in-the-middle attacker can exploit this, via HTTP traffic, to conduct a replay attack. (CVE-2012-6440) - An information disclosure vulnerability exists in the Ethernet/IP protocol implementation when handling the 'dump' command. An unauthenticated, remote attacker can exploit this, via a specially crafted CIP packet, to disclose the boot code of the device. (CVE-2012-6441) - A flaw exists in the Ethernet/IP protocol implementation when handling a CIP message that specifies a 'reset' command. An unauthenticated, remote attacker can exploit this, via a specially crafted message, to cause a denial of service condition. (CVE-2012-6442)Note that Nessus has not tested for these issues but has instead relied only on the firmware's self-reported version number.

Solution

Upgrade to the latest firmware version, or if not possible, apply the mitigation steps that are recommended by the vendor.